Learning Objectives

Course Outline

Module 1: Zero Trust fundamentals and best practice frameworks

Zero Trust initiatives; Zero Trust technology pillars part 1; Zero Trust technology pillars part 2.

Module 2: Aligning solutions with the Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF)

Defining a security strategy; Secure methodology within the Cloud Adoption Framework; Incorporating security into Azure Landing Zones; Security considerations within the Well-Architected Framework.

Module 3: Aligning solutions with the Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft Cloud Security Benchmark (MCSB)

Applying best practices for security capabilities and controls; Applying best practices for attack protection.

Module 4: Building a resiliency strategy against common cyberthreats including ransomware

Common cyberthreats and attack patterns; Supporting business resiliency; Ransomware protection approaches; Secure backup and restore configurations; Security updates.

Module 5: Case study: Applying security best practices and priorities

Case study description; Case study answers; Conceptual walkthrough; Technical walkthrough.

Module 6: Designing solutions for regulatory compliance

Translating compliance requirements into a security solution; Meeting compliance requirements with Microsoft Purview; Addressing privacy requirements with Microsoft Priva; Meeting security and compliance requirements with Azure Policy; Assessing infrastructure compliance using Defender for Cloud.

Module 7: Designing solutions for identity and access management

Designing cloud, hybrid, and multicloud access strategies (including Microsoft Entra ID); Designing a solution for external identities; Designing modern authentication and authorization strategies; Aligning conditional access with Zero Trust; Defining requirements to secure Active Directory Domain Services (AD DS); Designing a solution for managing secrets, keys, and certificates.

Module 8: Designing solutions for securing privileged access

The enterprise access model; Designing identity governance solutions; Designing a solution for secure tenant administration; Designing a solution for cloud infrastructure entitlement management (CIEM); Designing a solution for privileged access workstations and bastion services.

Module 9: Designing solutions for security operations

Designing security operations capabilities in hybrid and multicloud environments; Designing centralized logging and auditing; Designing security information and event management (SIEM) solutions; Designing detection and response solutions; Designing a solution for security orchestration, automation, and response (SOAR); Designing security workflows; Designing threat detection coverage.

Module 10: Case study: Security operations, identity, and compliance capabilities

Case study description; Case study answers; Conceptual walkthrough; Technical walkthrough.

Module 11: Designing solutions for securing Microsoft 365

Evaluating security posture for collaboration and productivity workloads; Designing a Microsoft Defender XDR solution; Designing configurations and operational practices for Microsoft 365.

Module 12: Designing solutions for securing applications

Defining and implementing standards for secure application development; Evaluating the security posture of existing application portfolios; Assessing application threats through threat modeling; Designing a security lifecycle strategy for applications; Securing access for workload identities; Designing a solution for API management and security; Designing a solution for secure application access.

Module 13: Designing solutions for securing organizational data

Designing a solution for data discovery and classification using Microsoft Purview; Designing a data protection solution; Designing data security for Azure workloads; Designing security for Azure Storage; Designing a security solution using Microsoft Defender for SQL and Microsoft Defender for Storage.

Module 14: Case study: Security solutions for applications and data

Case study description; Case study answers; Conceptual walkthrough; Technical walkthrough.

Module 15: Defining security requirements for SaaS, PaaS, and IaaS services

Establishing security baselines for SaaS, PaaS, and IaaS services; Defining security requirements for web workloads; Defining security requirements for containers and container orchestration.

Module 16: Designing solutions for security posture management in hybrid and multicloud environments

Assessing security posture using the Microsoft Cloud Security Benchmark; Designing integrated posture management and workload protection; Evaluating security posture with Microsoft Defender for Cloud; Using Microsoft Defender for Cloud secure score for posture evaluation; Designing cloud workload protection with Microsoft Defender for Cloud; Integrating hybrid and multicloud environments using Azure Arc; Designing a solution for external attack surface management.

Module 17: Designing solutions for securing server and client endpoints

Defining server security requirements; Defining requirements for mobile devices and clients; Defining security requirements for IoT and embedded devices; Securing operational technology (OT) and industrial control systems (ICS) with Microsoft Defender for IoT; Establishing security baselines for server and client endpoints; Designing a solution for secure remote access.

Module 18: Designing solutions for network security

Designing solutions for network segmentation; Designing traffic filtering solutions using network security groups; Designing solutions for network posture management; Designing solutions for network monitoring.

Module 19: Case study: Security solutions for infrastructure

Case study description; Case study answers; Conceptual walkthrough; Technical walkthrough.